Internet of Things (IoT)

Quick links

Updates

1 Aug 2017 | US senators propose IoT security bill

Four US senators have proposed a bill that, if adopted, will impose certain cybersecurity requirements for technology companies that sell Internet of Things (IoT) devices to the US federal government. Titled ‘Internet of Things Cybersecurity Improvement Act’, the bill will require companies to ensure that their products are patchable and do not include ‘hard-coded’ passwords (that cannot be changed). Companies would also have to notify the purchasing agency of any known security vulnerabilities or defects that they become aware of for the duration of the contract. The bill would exempt cybersecurity researchers from liability under the US Computer Fraud and Abuse Act and the Digital Millennium Copyright Act when engaged, in good faith, in researching the cybersecurity of IoT devices.

22 Jul 2017 | UK to introduce new rules for drones

The UK government has announced plans to introduce new rules that would require drones to be registered and users to sit safety awareness tests. Drones weighing over 250 grams will have to be registered by their owners, as a measure ‘to improve accountability and encourage owners to act responsibly’. The government is looking at how to enable the registration of drones to be done online or through web applications. The drone safety awareness test will test the owners’ understanding of UK safety, security, and privacy regulations. Moreover, the government intends to expand the use of geo-fencing technology that would stop drones from entering sensitive areas such as airports or prisons.

17 Jul 2017 | FBI warns about risks associated with IoT toys

The US Federal Bureau of Investigations (FBI) has issued a consumer notice about Internet-connected toys, warning about privacy and safety implications for children. Because smart toys and entertainment devices for children contain technologies that allow them to act based on user interactions, they ‘could put the privacy and safety of children at risk, due to the large amount of personal information that may be unwittingly disclosed’. To address such risks, the FBI outlines several recommendations, including only using toys in environments with trusted and secured Wi-Fi Internet access, researching where user data is stored and carefully reading the disclosures and privacy policies, and checking if the toy can receive firmware and/or software updates and security patches.

Pages

The Internet of Things (IoT) includes a wide range of Internet-connected devices, from highly digitalised cars, home appliances (e.g. fridges), and smart watches, to digitalised clothes that can monitor health. IoT devices are often connected in wide-systems, typically described as 'smart houses' or 'smart cities'. Such devices both generate enormous amount of data and create new contexts in which data are used. IoT triggers a multitude of policy issues, from standardisation to protection of privacy.

When we say that Internet helps us to connect we also implicitly refer to the fact that some of our devices can be connected and transfer data among themselves. Primarily, we are thinking about computers, mobile phones, tablets, e-readers. But what if every device we use on a daily basis, such as transportation vehicles, home appliances, clothes, city infrastructure, medical and healthcare devices, can connect via the global network to a remote center or to other device? This gives the term ‘connected’ a different, broader meaning.

This is the general idea behind the IoT, a network of physical objects or ‘things’ connected via electronics, software, and sensors to exchange data with manufacturers, operators, or other connected device. The main objective is to achieve greater value or service. IoT devices use the present Internet structure, not a separate/different Internet.

The most common sensors currently used for IoT device communication are radio frequency identifiers, universal product codes, and electronic product codes. In addition, researchers are continuously exploring new modalities for connecting IoT devices, such light emitting diodes (LEDs).

Some of the most developed IoT industries include home automation, health monitoring, and transportation. Other industries where IoT is playing a prominent role important role are energy, infrastructure, agriculture, manufacturing, and consumer applications.

In general terms, the IoT in increasingly seen as having a significant development potential, that can contribute to achieving the sustainable development goals (as underlined in an ITU–Cisco Systems report from 2016, and at various sessions held at the IGF 2016 meeting).

Even if the size of a single piece of data generated by connected Iot devices could be quite small, the final sum is staggering due to the number of devices, estimated to reach between 20 and 100 billion by 2020. According to the International Data Corporation, by 2020 the ‘digital universe’ will reach 44 zettabytes (trillion gigabytes), and 10% of this amount would come from IoT devices.

Public and private initiatives

The business sector is leading major IoT initiatives. While companies such as Intel and Cisco continuously develop their portfolios of IoT services, telecom operators have started to deploy IoT-dedicated networks on large scale, to encourage the use of IoT. Moreover, companies from different sectors are joining forces in alliances aimed at further contributing to developments in the field of IoT. Examples include the Open Connectivity Foundation, whose aim is to contribute to achieving interoperability among IoT devices, and the LoRa Alliance, which works in the field of IoT standardisation.

Governments are also becoming more and more aware of the opportunities brought by the IoT, and they are launching various types of initiatives in this area. The European Union, for example, has initiated the Horizon 2010 Work Programme 2016 -2017: Internet of Things Large Scale Pilots for testing and deployment, a funding programme aimed to encourage the take up of IoT in Europe. In the USA, the Department of Commerce has issued a Green Paper on Fostering the Advancement of the Internet of Things, and is exploring a potential role (and related benefits and challenges) for the government in supporting the evolution of the IoT field. The Chinese government, on the other hand, has created the Chengdu Internet of Things Technology Institute, through which it funds research in various IoT-related areas.

IoT, data protection, and security

The IoT generates massive amounts of data, and this has triggered major concerns related to privacy and data protection. Some IoT devices can collect and transmit data that are of personal nature (e.g. the case of medical IoT devices), and there are concerns about how the devices themselves are protected (ensuring their security), as well as about how the data they collect is processed and analysed. While information transmitted by an IoT device might not cause privacy issues, when sets of data collected from multiple devices are put together, processed, and analysed, this may lead to sensitive information being disclosed.

IoT devices are increasingly used as tools in large cyber-attacks, bringing the security of such devices into sharper focus. One notable example is from October 2016, when a series of distributed denial of service (DDoS) attacks against Dyn Inc., a large Domain Name System hosting and DDoS‐response provider serving top online service providers, rendered many services – including Twitter, PayPal, Reddit, and Spotify – temporarily unavailable, and slowed down Internet traffic across the globe. In the context of ongoing debates on the responsibility that the private sector should take when it comes to IoT security, companies have started to launch initiatives in this area. In one such example, AT&T, IBM, Nokia, Palo Alto Networks, Symantec, and Trustsonic have formed the IoT Cybersecurity Alliance, with the aim to ‘help customers address IoT cybersecurity challenges, demystify IoT security, and share best practices’. At the same time, standard-setting organisations are more carefully looking into developing IoT security standards. Despite such initiatives, there have been calls for governmental intervention, with security experts arguing that the private sector is not sufficiently motivated to appropriately address IoT security concerns, and that regulations and public policies are needed to cover issues related to security standards, interoperability, and software updates requirements.

IoT, big data, and artificial intelligence

Ongoing developments in the field of automated systems (i.e. self-driving cars, medical robots, etc.) bring into light an increasingly important interplay between IoT, artificial intelligence (AI), and big data. Artificial intelligence, a field that undergoes a very fast development, provides ‘thinking’ for IoT devices, making them ‘smart’. These devices, in turn, generate significant amounts of data – sometimes labeled as big data. This data is then analysed and used for the verification of initial AI algorithms and for the identification of new cognitive patterns that could be integrated into new AI algorithms.

While this interplay presents an enormous business potential, it also brings new challenges in areas such as the labour market, education, safety and security, privacy, ethics and accountability. For example, while AI systems can potentially lead to economic growth, they could also generate significant disruptions to the labour market. As AI systems involve judgements and decision‐making – replacing similar human processes – concerns have also been raised regarding ethics, fairness, justice, transparency, and accountability. The risk of discrimination and bias in decisions made by autonomous technologies is one such concern, very well illustrated in the debate that has surrounded Jigsaw’s Conversation AI tool. While potentially addressing problems related to misuse of the Internet public space, the software also raises a major ethical issue: How can machines determine what is and what is not appropriate language?

Such challenges have determined both governments and the private sector to take several steps. The US National Science and Technology Council outlined its strategy for promoting AI research and development, while the White House made recommendations on how to prepare the workforce for an AI‐driven economy. The UK Parliamentary Committee on Science and Technology asked the UK government to take proactive measures. In the European Parliament, the Committee on Legal Affairs proposed the adoption of an EU ‘legislative instrument’ to tackle legal questions related to the development of robotics and AI, as well as the introduction of ‘civil law rules on robotics’. In the private sector sphere, major Internet companies (IBM, Facebook, Google, Microsoft, Amazon, and DeepMind) have launched the Partnership on Artificial Intelligence initiative, aimed at addressing the privacy, security, and ethical challenges of AI, and initiating a broader societal dialogue on the ethical aspects of new digital developments.

Actors

In line with its objective of supporting the development of the IoT ecosystem in Europe, the Alliance mostly f

...

In line with its objective of supporting the development of the IoT ecosystem in Europe, the Alliance mostly focuses on developing policy recommendations on issues of relevance for the IoT, and facilitating the adoption of such recommendations across its members. The various working groups created within the organisation have produced reports and recommendations focusing on issues such as smart manufacturing, wearable technologies, smart mobility, smart cities, food safety IoT applications, and smart living environments. In November 2016, the Alliance issued a set of policy recommendations on the Digitisation of European industry, addressing IoT-related policy issues, including trust, numbering and addressing, the free flow of data, and liability.

The Alliance focuses its work on standardising and promoting the deployment of Low Power Wide Area Networks (L

...

The Alliance focuses its work on standardising and promoting the deployment of Low Power Wide Area Networks (LPWAN) as a key enabler of IoT applications. It has developed the LoRa protocol (LoRaWAN), aimed at facilitating interoperability among IoT devices. In addition, it has launched the LoRa Alliance Certified programme, designed as a mark of recognition that IoT products meet national frequency regulations, and ensure LoRaWAN interoperability and compliance of network infrastructure. Members of the Alliance collaborate and share knowledge and experience to guarantee interoperability among their products. The organisation has produced several white papers on issues such as the market potential of LPWA technologies and LoRaWAN security.

The Foundation dedicates most of its work to creating specifications for seamless interoperability among IoT c

...

The Foundation dedicates most of its work to creating specifications for seamless interoperability among IoT connected devices. The developed OIC specification tackles issues such as the core architecture, interfaces, and services, security, and smart home devices, among others. Additional specifications are under ongoing development and review. The Foundation also sponsors the IoTivity project, aimed to deliver an open source reference implementation of the IoT interoperability specifications it is developing. In addition, it runs certification programmes aimed to provide real world testing to help developers ensure that their IoT products work.

More and more standards and guidelines developed by ISO cover issues related to data and information security,

...

More and more standards and guidelines developed by ISO cover issues related to data and information security, and cybersecurity. One example is the 27000 family of standards, which cover aspects related to information security management systems and are used by organisations to keep information assets (e.g. financial data, intellectual property, employeesâ information) secure. Standards 27031 and 27035, for example, are specifically designed to help organisations to effectively respond, diffuse and recover from cyber-attacks. Cybersecurity is also tackled in the framework of standards on technologies such as the Internet of Things, smart community infrastructures, medical devices, localisation and tracking systems, and future networks.

The ITU Telecommunication Standardization Sector (ITU-T) develops international standards (called recommendations) covering information and communications technologies. Standards are developed on a consensus-based approach, by study groups composed of representatives of ITU members (both member states and companies). These groups focus on a wide range of topics: operational issues, economic and policy issues, broadband networks, Internet protocol based networks, future networks and cloud computing, multimedia, security, the Internet of Things and smart cities, and performance and quality of service. The World Telecommunication Standardization Assembly (WTSA), held every four years, defines the next period of study for the ITU-T.

The IEC carries our standardisation and conformity assessment activities covering a vast array of technologies. These range from smart cities, smart grids, and smart energies, to electromagnetic compatibility between devices, digital system interfaces and protocols, and fibre optics and cables. Other areas covered by the Commission through its work include cable networks, multimedia home systems and applications for end-user network, multimedia e-publishing and e-book technologies, safety of information technology and communication technology, wearable electronic devices and technologies, cards and personal identification, programming languages, IT for learning, education, and training, cloud computing and distributed platforms, and the Internet of Things.

Instruments

Standards

The concept of 'Internet of Things' (IoT) generally refers to a network of interconnected physical and virtual devices or objects that use the Internet to exchange data with manufacturers, operators, and among themselves. IoT applications can be found in areas such as transportation, energy, home appliances, medical and healthcare devices, environment, retail, and agriculture.

A more formal definition of the Internet of Things has been elaborated in the framework of the Telecommunication Standardization Sector (ITU-T) of the International Telecommunication Union, and published in the Recommendation ITU-T Y.2060 ‘Overview of the Internet of things’ (adopted in June 2012). According to this recommendation, the Internet of Things represents ‘a global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies. The recommendation also provides a technical overview of the Internet of Things, and outlines the fundamental characteristics (such as interconnectivity, heterogeneity, and dynamic changes) and high-level requirements (such as identification-based connectivity, interoperability, autonomic networking, privacy, and data protection) of the IoT. In addition, the IoT reference model is explained, and details are provided on its components: the four layers (application, service and application support, network, and device), as well as management and security capabilities.

The Recommendation ITU-T Y.2060 is a result of the work carried out by the ITU-T Study Group 13, which is responsible for developing standards and recommendations covering future networks, including cloud computing, mobile, and next-generation networks. While the scope of this group continue to include IoT related issues (such as support of IoT in next generation networks), more specific IoT standardisation work is now carried out within the ITU-T Study Group 20 (created in 2015), whose initial focus is on IoT applications in smart cities and communities.

The increasing availability of IoT devices and applications, and their expansion into new areas are expected to bring significant advantages, but also challenges. Mitigating the security threats and weaknesses of IoT services, and ensuring the protection of privacy and personal data in the context of IoT data transmission are only two examples of such challenges, which are and will continue to be looked into carefully especially by the private sector and the technical community.

Resources

Articles

The report outlines data security threats and concerns in emerging cloud, big data and Internet of Things technologies. Based on the results of a global survey conducted among over 1100 senior security executives, the report identifies the following as the main data security concerns: security breaches/attacks, increased vulnerability from shared infrastructure, lack of control over the location of data, privacy violations from data originating in multiple countries, protecting sensitive data generated by IoT.

Publications

The latest edition of glossary, compiled by DiploFoundation, contains explanations of over 130 acronyms, initialisms, and abbreviations used in IG parlance. In addition to the complete term, most entries include a concise explanation and a link for further information.

The book, now in its sixth edition, provides a comprehensive overview of the main issues and actors in the field of Internet governance and digital policy through a practical framework for analysis, discussion, and resolution of significant issues. It has been translated into many languages.

Reports

The report outlines predictions of the development of the technology, media, and telecommunications sectors in 2017. It covers issues such as: biometric security, distributed denial of service attaches, self-driving vehicles, 5G networks, machine learning, and Internet of Things as a service.

The report, prepared by the Global Commission on Internet Governance, outlines a series of recommendations to policy makers, private industry, the technical community and other stakeholders on modalities for maintaining a ‘healthy Internet’. It tackles aspects such as: the promotion of a safe, open and secure Internet, human rights for digital citizens, the responsibilities of the private sector, safeguarding the stability and resiliency of the Internet’s core infrastructure, and improving multistakeholder Internet governance.

The report looks into how the Internet of Things is issues to address social, economic, and business challenges, discusses factors that accelerate the adoption of the technology, and points to IoT security and privacy related challenges. It also makes recommendations for how business and consumers can derive the most benefit from IoT in the following two years.

The report analyses the opportunities that homes equipped with Internet of Things connected devices offer to society, as well as at the security and privacy risks inherent to such devices. It also provides a series of recommendations on how to maximize the value of IoT home devices, while minimising concerns.

The paper provides an overview of the mobile network ecosystem in 2015, and presents a series of projections and growth trends in the mobile data traffic. A continuously growing adoption of mobile technologies by end users is predicted, and it is expected that this will make the Internet of Everything more sustainable.

This report examines and documents evolutions and emerging opportunities and challenges in the digital economy. It provides a comprehensive overview of the digital economy, including matters of infrastructure, policy, net neutrality, development, privacy and security.

The report explores how Internet of Things applications (can) create value for companies, consumers, and economies, and discusses enablers and barriers in this regard, as well as new business models and a new tech market for IoT.

The report explores the emergence of the Internet of Things connected homes’, analyses consumers’ demand and adoption, and outlines several steps that the industry and the policy makes can take to ensure that IoT can realise its full potential in improving people’s lives.

The report explores the transformative potential of the industrial Internet of things, and analyses opportunities and benefits deriving from IoT connected products, as well as risks and challenges associated with the evolution of the technology. It also outlines a number of recommendations aimed to accelerate the overall IoT development.

GIP event reports

Mr Andy Bates, Executive Director, United Kingdom, Europe, Middle East & Africa, Global Cyber Alliance, introduced the Global Cyber Alliance, and then stated how cybercrime has overtaken normal crime in terms of economic value. Despite the increasing economic risk of cybercrime, he argued that ‘cybercrime is just crime’, pointing out that it is crime adapting to modern tools. In his opinion, the responses should not basically differ too much from the measures taken to address other forms of crime. He highlighted that cybercrime is usually serial in nature, with many criminals potentially using the same vulnerability and being repeat offenders. He discussed the human psychological aspect in the context of phishing and spoofing emails as well as structural issues with the Internet.

He presented a tool called DMARC, which enables individuals and companies to register domains that then establish a handshake between actors to monitor email trustworthiness. In addition, he presented the Internet Immune System, a blacklist given to top level Internet service providers (ISPs) to track pages which contain malware. He argued that ISPs should work towards cleaning up the internet for individuals.

Lastly Bates outlined future scenarios, focussing mostly on the importance of sharing of information across private and public sectors, together with measures that would seek to prevent duplication. In addition to this he mentioned how reporting about cybercrime could be centralised. As a concluding remark he pointed out that individuals need to use common sense and intelligence when addressing cybercrime.

Dr Gustav Lindstrom, Head of the Emerging Security Challenges Programme, Geneva Centre for Security Policy (GSCP), gave a presentation which focussed on the issues and trends for future consideration in the field of cybersecurity. Firstly, he stressed that raising awareness needs to be a constant process. Due to its constantly changing nature, cybercrime should be seen as an emerging threat.

Lindstrom’s second point focussed on the key aspects of evolving technology and services which remain beneficial for us but also pose security challenges. He discussed many developments such as cloud computing, as the cloud is an attractive target for attacks. He described how the cloud can be used to hide malware. In addition to cloud computing, he mentioned how big data, through injecting false data, poses security threats in addition to the privacy issues. He also discussed the issue of 3D printing which can be used to circumvent existing measures, while providing potentially dangerous tools. Circumventing existing measures is also a risk posed by distributed ledger technologies. As a final aspect of this, artificial intelligence and machine learning, despite their ground-breaking advantages, run the risk of being misused and compromised.

The Internet of Things (IoT) can provide benefits, but it also opens the door for many new potential threats. Lindstrom pointed out how the shift in states’ cyber defence and offence poses a challenge. He argued that an increasing number of countries have developed capabilities to move from defence to offence, with roughly 30 countries having dual capabilities, but this number is hazy as is the boundary between defence and offence. As such, Lindstrom suggested, offensive cyber operations will likely increase and cyber weapons might be updated at a fast pace, especially in terms of delivery mechanisms. As a final point, while there are differences in state capabilities, all countries will try to seek to utilise zero-day vulnerabilities to their advantage. He then concluded his presentation by pointing out the increasing role of the private sector in the field, which is not only due to financial aspects but also due to the proliferation of public-private partnerships.

The launch of the Geneva Digital Talks series – organised by the Canton of Geneva – gathered around 80 representatives from the technical, governmental, business, not-for-profit and academic communities. The speakers included representatives from the Canton of Geneva, the International Committee of the Red Cross (ICRC), the EPFL’s School of Computer and Communication Sciences, Deutor Cyber Security Solutions, the Federal Department of Foreign Affairs (FDFA), the University of Geneva, FONGIT (Geneva's high-tech start-up incubator), and the Geneva Internet Platform (GIP). The key messages of the launch event revolved around the need to understand cybersecurity in a multidisciplinary way.

At the start of the discussions, we were reminded that Geneva is, above all, a platform of dialogue and a place for finding sustainable solutions. Moreover, Geneva has a reputation as an ecosystem for stakeholder engagement, where the digital discussions can be people-focused.

Security is key to modern societies, but it was not originally built into the Internet. Addressing it now is comparable to repairing a plane while flying it. To understand the issue, the discussions followed the journey of an Internet data packet that crosses national borders, that is vital to digital economy and innovation, and is ultimately crucial in high-level negotiations impacting a number of sectors.

The interplay between the Silicon Valley as a place of technological development and social disruption, and Geneva as a constructive, human rights-oriented policy space, set the tone of the discussion. Recent calls from the private sector to advance discussions on a cyber treaty, brought forward the need to have a shared understanding of the vulnerabilities, issues and prospects of cyberspace. If a cyber incident amounts to a kinetic attack, international law applies, but for everything in between, there is a ‘grey zone’, just as there is for a distinction between ‘civilian’ and ‘military’ in digital terms. Previously, key conventions have been negotiated with the involvement of non-state actors in equally sensitive fields, such as the Biological and Toxin Weapons Convention or the Chemical Weapons Convention.

On its journey, the Internet data packet is first tested physically: the integrity and correctness of the code are essential, as there is no bug-free software or liability for software in place. While we are getting better at writing and verifying software in safety-critical applications, trust in the ability of others, who are unknown to us, to fix it is gradually eroding if we can no longer distinguish between good and bad intentions.

To diminish the risks of interference and misuse, the Internet data packet should be protected by a community that understands infrastructure, relevant technology and invests in security. Suggestions were made to eliminate the prevalent ignorance and complacency about security, also distinguishing between IT security and cybersecurity. The latter concerns a criminal network with a goal. Effective co-operation needs to include users (to notify about breaches) and providers (to react to vulnerabilities or breaches) working together. Regulation can also be used as a carrot to incentive and a stick to sanction those who do not comply, thus increasing the overall level of security.

When it comes to the framework for state action, different instruments are currently deployed. In addition to the guidelines provided by the UN Group of Governmental Experts in their 2015 report (11 voluntary norms), international law, and in particular the UN Charter, includes provisions on the use of force, the interference in the domestic affairs of states, the peaceful means to solving conflicts, but also, self-defense. International customary law covers state responsibility, even when using proxies, and due diligence for international wrongful acts that apply to digital space. In international humanitarian law, if the kinetic dimension is reached in cyberattacks, cyber means amount to armed conflict. Moreover, the human rights obligations of states apply online, as they do offline (e.g. freedom of expression). Confidence building measures, such as the ones put forward by the Organisation for Security and Cooperation in Europe (OSCE), represent additional means to strengthen collaboration at the global level. With this multi-layered framework in place, it is important to build awareness and strengthen the capacity of states to understand and apply it before new binding rules are discussed.

When discussing the attribution of risk and responsibility, there is a danger of substantive fragmentation: we have global technologies, but local laws and there is an overlap of regulations and sets of conflicting norms, that may be detrimental or counterproductive. The question here is whether we can move from the Geneva Digital Talks to policies, or even to the Geneva Digital Courts to address the needs of regulators. As the birthplace of international arbitration, Geneva has a unique role to play in the attempt to solve Internet-related disputes.

From a digital economy perspective, the Internet data packet has recently been carrying more and more sensitive records, including health and personal data, or social security information. With the advent of the Internet of Things (IoT), we will move from cyber to digital security in a much broader sense. Every second, 95 passwords are stolen around the world, showing that security by itself is no longer enough. There is a need to move from security by reaction to security by interaction. The Internet giants that operate most online services need to be brought into the conversation about norms, key responsibilities and regulation.

The Geneva Digital Talks will continue with a series of events in the build-up to the Internet Governance Forum. The focus of the GDT will be set on the following aspects, identifying key competencies available in Geneva: technological, legal, social and political.

The eleventh Symposium of the Future Networked Car took place on 9 March 2017, during the 87th edition of the Geneva International Motor Show. The Symposium was jointly organised by the International Telecommunication Union (ITU) and the United Nations Economic Commission for Europe (UNECE). The main objective of the event was to offer a platform for a fruitful discussion among different stakeholders – vehicle manufacturers, governments and Information and Communications Technology (ICT) industries – on the future of vehicle communication and automated driving.

The session started with opening remarks from Mr Malcolm Johnson, Vice Secretary-General at the ITU, who stressed the importance of bringing together multiple stakeholders in order to foster technological innovation. In particular, he underlined the crucial role of the ITU as a UN-mandated agency that has successfully brought together and facilitated the convergence between two communities: industry and ICT sectors. The Symposium has seen growing participation in the last years, and has attracted more than 170 participants in 2017.

Ms Eva Molnar, Director of the Sustainable Transport Division of UNECE, joined Mr Johnson in stressing the importance of co-operation, not only between different industry sectors, but also between different agencies – as is the case with the ITU and UNECE. In particular, her speech approached vehicle automation from a regulatory perspective: she reasoned on the relevance of the existing legal conventions vis-à-vis the latest technological changes and pushed for the development of harmonised regulations.

The event comprised five thematic panels, each discussing a specific aspect of vehicle automation.

The Executive Roundtable reflected on the advantages and challenges that automatic driving will bring to individuals and societies once such technology is spread on a larger scale. All speakers talked about the necessity of harmonising the standards regulating such technology among different countries.

In particular, Mr Anders Eugensson, Director of the Governmental Affairs Department at Volvo Car Group, analysed the benefits of automated driving for individuals in terms of costs, liability and accuracy of data. With the development of such technology, customers would purchase automated driving packages that would cost less than a car. Moreover, he considered that cars will operate autonomously, and, in case of accidents, the responsibility would not rely directly on customers. Finally, thanks to cloud connectivity technology, the data available to the car system will be more accurate.

The Second Panel reflected on the benefits of fifth generation mobile networks or wireless systems (5G) for the development of automated driving. The speakers agreed on the crucial role of 5G technology for automated vehicles, especially in terms of connectivity and communication among units. Mr Peter Vermaat, Chair of the Connected Vehicle Working Group at the Wireless World Research Forum, considered that as opposed to a cloud computing type of connectivity (i.e. storing and accessing data over the Internet), Peer-to-Peer (P2P) computing (interconnected communication among peers, i.e. automated vehicles) allows for increased safety and improved efficiency of communication, and reduces the need for infrastructures.

The Third Panel discussed how Artificial Intelligence (AI) will change current transport systems. All the speakers built their discussions on the benefits of automated driving discussed by the previous panellists. Furthermore, they focused mainly on the possible risks to individuals from the deployment of AI. They assessed such risks in terms of security (protection from cyber-attacks), personal data protection (privacy concerns) and social economic externalities (loss of jobs in the car industry or transportation sectors).

The Fourth Panel focused on the relationship between connected vehicles and automated driving. The panellists discussed the co-dependency of connectivity and automated driving: having accurate communication systems among vehicles is crucial for the development of automated driving systems on a larger scale. David Holecek, Director of the Connected Products and Services Division at Volvo Car Group, concluded that connectivity, autonomous driving and AI are the cornerstones that will develop the concept of fully autonomous cars rather than autonomous driving in the future.

The Fifth Panel concluded the session by focusing on the cybersecurity threats to automotive systems. The speakers discussed the consequences that connectivity has in terms of individuals’ security in particular. Based on an interconnected system, automated vehicles operate in a constantly-hostile environment, susceptible to hackers’ attacks, resulting in financial cyber ransom, car theft and loss of control over the vehicle.

The 47th WEF Annual Meeting, which took place in Davos-Klosters, Switzerland, on 17‒20 January, brought together leaders from across business, government, international organisations, academia, and civil society, to discuss several digital policy issues.

The future of the digital economy was an overarching theme for many sessions, exploring aspects such as the digital transformation of industries, the fourth industrial revolution and its implications (in areas such as gender equality and jobs), steps for shaping national digital strategies, the need for shared norms and rules for the digital economy, and trust-based collaboration among stakeholders. Security and crime in the digital era were part of the discussions, with a focus on multistakeholder approaches for tackling cybercrime, the cyber resilience of critical infrastructures, cyberwar and forms of manifestation, and terrorism in the digital age. During the meeting, WEF launched a report on Advancing Cyber Resilience: Principles and Tools for Boards. Prepared in collaboration with the Boston Consulting Group and Hewlett Packard Enterprises, the report outlines a series of principles and tools for companies to tackle cybersecurity risks and ensure the resilience of their information infrastructures.

The advancements in the field of Internet of Things (IoT) and artificial intelligence (AI) were also looked at during this year's WEF meeting, as participants explored policy implications and outlined the need for principles and standards to ensure that IoT and AI products bring benefits to society as a whole, while minimising the risks (in areas such as social inclusion, privacy, and security). Trustworthy online information, a topic that has attracted a lot of attention lately, was also discussed, with a focus on possible modalities for balancing freedom of expression with the need to educate users on how to differentiate between real and misinformation.

In addition to contributing thir views to these and many other discussion tracks, WEF participants used the meeting as an opportunity to launch new initiatives and agree on future actions. In one such example, major financial service providers (e.g. Mastercard, Visa, and Paypal), global IT and telecom companies (e.g. Ericsson and GSMA), and intergovernmental organisations (e.g. the United Nations Development Program and the United Nations High Commissioner for Refugees) agreed on six principles on public-private cooperation aimed at facilitating digital cash payments in crisis-affected populations.

As has been the case at many other high-level events recently, the Agenda for Sustainable Development also featured high in Davos. On a more general level, world leaders discussed the challenges of globalisation and the increasing anti-globalisation trends. Many of the debates revolved around the need to identify modalities for reforming the governance of globalisation processes, with a view to improving them and making them better suited to contribute to global growth and development.

Other resources

The survey, which polled 9,000 individuals from nine countries (Australia, Brazil, Canada, France, Germany, India, Mexico, the United Kingdom, and the United States), offers insights into how end users see the evolution of smart homes, as well as into users’ concerns regarding the security and privacy risks associated with IoT connected home devices.

The set of guidelines contain recommendations on how to mitigate security threats and weaknesses in Internet of Things services. It includes guidelines for service ecosystems, endpoint ecosystems, and network operators.

The document provides guidelines for public and private organisations when plannins and organising the selection and validation of smart city technologies. It describes the types of testing and assessments to consider in order to select the most secure vendors and technologies.

The document provides guidance for the secure implementation of Internet of Things (IoT)-based systems. It provides an overview of IoT security challenges threats to individuals and organisations, and outlines several security control mechanisms that could be used to mitigate such challenges and threats.

GIP Digital Watch

Submit Content

The GIP Digital Watch observatory reflects on a wide variety of themes and actors involved in global digital policy and Internet governance. We welcome information and documents from your organisations. Submitted content will be reviewed and published by our team of knowledge curators.
You can submit your content at digitalwatch@diplomacy.edu